Files

Debian Security Advisory 2765-1
Posted Sep 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2765-1 - Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while it is setuid root. This might allow a privilege escalation.

tags | advisory, root
systems | linux, debian
advisories | CVE-2013-4362
SHA-256 | 3903ec4ccc79432967878e89f87d6fdeefddcd86cea4d6f09148d0d4af7e6b8b
Gentoo Linux Security Advisory 201309-24
Posted Sep 27, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-24 - Multiple vulnerabilities have been found in Xen, allowing attackers on a Xen Virtual Machine to execute arbitrary code, cause Denial of Service, or gain access to data on the host. Versions less than 4.2.2-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-2901, CVE-2011-3262, CVE-2012-0217, CVE-2012-0218, CVE-2012-2934, CVE-2012-3432, CVE-2012-3433, CVE-2012-3494, CVE-2012-3495, CVE-2012-3496, CVE-2012-3497, CVE-2012-3498, CVE-2012-3515, CVE-2012-4411, CVE-2012-4535, CVE-2012-4536, CVE-2012-4537, CVE-2012-4538, CVE-2012-4539, CVE-2012-5510, CVE-2012-5511, CVE-2012-5512, CVE-2012-5513, CVE-2012-5514, CVE-2012-5515, CVE-2012-5525, CVE-2012-5634
SHA-256 | 42fbd346dc4e79100c814835fd5068ef0a6bd2ccc23977307e7f191f8be1cc22
Gentoo Linux Security Advisory 201309-23
Posted Sep 27, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-23 - Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, some of which may allow a remote user to execute arbitrary code. Versions less than 17.0.9 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-0744, CVE-2013-0745, CVE-2013-0746, CVE-2013-0747, CVE-2013-0748, CVE-2013-0749, CVE-2013-0750, CVE-2013-0751, CVE-2013-0752, CVE-2013-0753, CVE-2013-0754, CVE-2013-0755, CVE-2013-0756, CVE-2013-0757, CVE-2013-0758, CVE-2013-0759, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0764, CVE-2013-0765, CVE-2013-0766, CVE-2013-0767, CVE-2013-0768, CVE-2013-0769, CVE-2013-0770, CVE-2013-0771
SHA-256 | 4bef7b0a7ff87d60b621f002b69fe1f1340530418ea99fdd367ef66518e8baef
Ubuntu Security Notice USN-1968-1
Posted Sep 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1968-1 - Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). A failure to validate block numbers was discovered in the Linux kernel's implementation of the XFS filesystem. A local user can cause a denial of service (system crash) if they can mount, or cause to be mounted, a corrupted or specially crafted XFS filesystem. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-4254, CVE-2013-1819
SHA-256 | c10a089319f695c9298e0218e80d367e4b8e7a42beb195bb76762a24d36b98d9
Ubuntu Security Notice USN-1975-1
Posted Sep 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1975-1 - Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). A failure to validate block numbers was discovered in the Linux kernel's implementation of the XFS filesystem. A local user can cause a denial of service (system crash) if they can mount, or cause to be mounted, a corrupted or specially crafted XFS filesystem. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-4254, CVE-2013-1819
SHA-256 | 16189fdb29ef1621c06768231ec01452d6b65dbd6af49cfb6d4bd1119fec079f
Ubuntu Security Notice USN-1974-1
Posted Sep 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1974-1 - Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). A memory leak was discovered in the user namespace facility of the Linux kernel. A local user could cause a denial of service (memory consumption) via the CLONE_NEWUSER unshare call.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2013-4254, CVE-2013-4205
SHA-256 | 8bf12b9042e8f4abd989d6e76d6db7e8fcb5cea6a2e6f38d7a1f196d0e16af7e
Ubuntu Security Notice USN-1973-1
Posted Sep 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1973-1 - Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). A failure to validate block numbers was discovered in the Linux kernel's implementation of the XFS filesystem. A local user can cause a denial of service (system crash) if they can mount, or cause to be mounted, a corrupted or specially crafted XFS filesystem. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-4254, CVE-2013-1819, CVE-2013-2237
SHA-256 | 63ed8f5b37475a48348edd4c032b51579f379e3d69cb52befecd1727d51a37f4
Ubuntu Security Notice USN-1972-1
Posted Sep 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1972-1 - Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). A failure to validate block numbers was discovered in the Linux kernel's implementation of the XFS filesystem. A local user can cause a denial of service (system crash) if they can mount, or cause to be mounted, a corrupted or specially crafted XFS filesystem. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-4254, CVE-2013-1819, CVE-2013-2237
SHA-256 | 0f9fefdbe51478ae4584a337c802dbed9908e144c668effefb4cb60f45b7d502
Ubuntu Security Notice USN-1971-1
Posted Sep 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1971-1 - Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). A memory leak was discovered in the user namespace facility of the Linux kernel. A local user could cause a denial of service (memory consumption) via the CLONE_NEWUSER unshare call.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2013-4254, CVE-2013-4205
SHA-256 | ed029cbc0dd66c1d66db892fcfc9337d09dcc8dbd8c1bfe377effe4cbfa96845
Gentoo Linux Security Advisory 201309-21
Posted Sep 27, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-21 - A vulnerability in klibc could allow remote attackers to execute arbitrary shell code. Versions less than 1.5.25 are affected.

tags | advisory, remote, arbitrary, shell
systems | linux, gentoo
advisories | CVE-2011-1930
SHA-256 | c94186050607efd9128a0698480eb18e3be1e4b7372b9a9ff84a90f3617d61e0
Gentoo Linux Security Advisory 201309-20
Posted Sep 27, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-20 - Multiple vulnerabilities have been found in Dropbear, the worst of which could lead to arbitrary code execution. Versions less than 2012.55 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2012-0920
SHA-256 | 8c501aac169b59f4d7e34bf130f52ad2568dffab61cd485f6e2a81642491f13f
Red Hat Security Advisory 2013-1292-01
Posted Sep 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1292-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the madvise() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service.

tags | advisory, denial of service, kernel, local, tcp, protocol
systems | linux, redhat
advisories | CVE-2012-3511, CVE-2013-2141, CVE-2013-4162
SHA-256 | bb34fbaf34b1e2d0617595612c429058d891776d85b070142cca272b51e1610a
EMC VPLEX Information Disclosure
Posted Sep 26, 2013
Site emc.com

EMC VPLEX contains a vulnerability that stores the LDAP/AD bind password in plain text in the VPLEX management server configuration file. This can potentially be exploited by a malicious user who has access to the configuration file to obtain the sensitive password and gain privileged access to protected resources. Affected versions include EMC VPLEX Local/Metro/Geo with GeoSynchrony 5.2 Patch1 and below.

tags | advisory, local
advisories | CVE-2013-3278
SHA-256 | 84420a97ddf942aaec63002319e68c4e2bde47b40f973c04b4e92beb9a06cc3f
Mandriva Linux Security Advisory 2013-242
Posted Sep 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-242 - Multiple vulnerabilities have been found and corrected in the Linux kernel. Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service via a crafted device that provides an invalid Report ID. drivers/hid/hid-zpff.c in the Human Interface Device subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service via a crafted device. drivers/hid/hid-pl.c in the Human Interface Device subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service via a crafted device. Various other issues were also addressed. The updated packages provide a solution for these security issues.

tags | advisory, denial of service, arbitrary, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4162, CVE-2013-4163, CVE-2013-4254
SHA-256 | 293756ed7837559d6b59c73b10281e441cc79100240203c0f546001f31ee5c5f
Red Hat Security Advisory 2013-1286-01
Posted Sep 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1286-01 - Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an integration platform. Red Hat JBoss A-MQ 6.0.0, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss Fuse/A-MQ 6.0.0 patch 3 is an update to Red Hat JBoss Fuse 6.0.0 and Red Hat JBoss A-MQ 6.0.0, including bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4372
SHA-256 | 00bf9cb3012b34b18caf3a7e6ef4e16f192f067db73ce5a9c00f4ecee299a979
Debian Security Advisory 2764-1
Posted Sep 25, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2764-1 - Daniel P. Berrange discovered that incorrect memory handling in the remoteDispatchDomainMemoryStats() function could lead to denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2013-4296
SHA-256 | dd359ee6a114c2ea12723e65fab5b15ff7b13a65fc45369003a122ce5e0872ba
Cisco Security Advisory 20130925-rsvp
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger an interface queue wedge on the affected device. The vulnerability is due to improper parsing of UDP RSVP packets. An attacker could exploit this vulnerability by sending UDP port 1698 RSVP packets to the vulnerable device. An exploit could cause Cisco IOS Software and Cisco IOS XE Software to incorrectly process incoming packets, resulting in an interface queue wedge, which can lead to loss of connectivity, loss of routing protocol adjacency, and other denial of service (DoS) conditions. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, denial of service, udp, protocol
systems | cisco, osx
SHA-256 | 3b78cfc49fd1ee0b1521f34bcd5270992188dc65edc558825433c0c63d976267
Cisco Security Advisory 20130925-ike
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Internet Key Exchange (IKE) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a device reload. The vulnerability is due to incorrect handling of malformed IKE packets by the affected software. An attacker could exploit this vulnerability by sending crafted IKE packets to a device configured with features that leverage IKE version 1 (IKEv1). Although IKEv1 is automatically enabled on Cisco IOS Software and Cisco IOS XE Software when IKEv1 or IKE version 2 (IKEv2) is configured, the vulnerability can be triggered only by sending a malformed IKEv1 packet. In specific conditions, normal IKEv1 packets can also cause an affected release of Cisco IOS Software to leak memory. Only IKEv1 is affected by this vulnerability. An exploit could cause Cisco IOS Software not to release allocated memory, causing a memory leak. A sustained attack may result in a device reload. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

tags | advisory, remote, protocol, memory leak
systems | cisco, osx
SHA-256 | 926f6df2eb60f84bd616da0c798b13eedfde7066aed0633134cdd5f5c378ddcf
Gentoo Linux Security Advisory 201309-19
Posted Sep 25, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-19 - A vulnerability in TPP might allow a remote attacker to execute arbitrary code. Versions less than 1.3.1-r2 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2013-2208
SHA-256 | 3a9f9ad7060b3de29312c0d41a721213a4c5d59e7cbda803afdbcc82f7a2c31b
Red Hat Security Advisory 2013-1285-01
Posted Sep 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1285-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. It was found that Keystone did not correctly handle revoked PKI tokens, allowing users with revoked tokens to retain access to resources they should no longer be able to access. This issue only affected systems using PKI tokens with the memcache or KVS token back ends.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2013-4294
SHA-256 | 28df121d2a467014fbdbd4c61516f0f6cb586350418bb55edb71c88884ec877e
Mandriva Linux Security Advisory 2013-241
Posted Sep 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-241 - The Crypt::DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack. The updated packages have been patched to correct this issue.

tags | advisory, remote, perl, spoof
systems | linux, mandriva
advisories | CVE-2011-3599
SHA-256 | 8bf65c0836d8b1066a9f09c8a587483fb026967a49173ae948aff56262dedc39
Gentoo Linux Security Advisory 201309-18
Posted Sep 25, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-18 - Multiple vulnerabilities have been found in libvirt, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.0.5.1-r3 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-0170, CVE-2013-1962
SHA-256 | 9257d13b61a35d266211c700641ed9bda77545c33aa5ed5116ee2974035d6fed
Cisco Security Advisory 20130925-dhcp
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the DHCP implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of crafted DHCP packets. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that has the DHCP server or DHCP relay feature enabled. An exploit could allow the attacker to cause a reload of an affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds to this vulnerability.

tags | advisory, remote, denial of service
systems | cisco, osx
SHA-256 | 3d9eb0899aae2d9787ea19cb3bb54f490cd6578d496a6ab8a7ae73ee913e03fd
Gentoo Linux Security Advisory 201309-17
Posted Sep 25, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-17 - Multiple vulnerabilities have been discovered in Monkey HTTP Daemon, the worst of which could result in arbitrary code execution. Versions less than 1.2.2 are affected.

tags | advisory, web, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2013-2163, CVE-2013-3724, CVE-2013-3843
SHA-256 | 0bf65ad73e535f0517decce91fe8c3808bae00aec63238d2632884ef1b671076
Cisco Security Advisory 20130925-wedge
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the T1/E1 driver queue implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an interface wedge condition, which could lead to loss of connectivity, loss of routing protocol adjacency, and could result in a denial of service (DoS) scenario. The vulnerability is due to incorrect implementation of the T1/E1 driver queue. An attacker could exploit this vulnerability by sending bursty traffic through the affected interface driver. Repeated exploitation could cause a DoS condition. Workarounds to mitigate this vulnerability are available.

tags | advisory, remote, denial of service, protocol
systems | cisco
SHA-256 | 989c2c1ca08d2b73e323083463ba6ab26781b1d701b95e1f1b2ba6ad1b17e705